package org.neo4j.bolt.v1.transport.integration;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.function.Consumer;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.neo4j.bolt.v1.messaging.message.InitMessage;
import org.neo4j.bolt.v1.messaging.message.PullAllMessage;
import org.neo4j.bolt.v1.messaging.message.ResponseMessage;
import org.neo4j.bolt.v1.messaging.message.RunMessage;
import org.neo4j.bolt.v1.messaging.util.MessageMatchers;
import org.neo4j.bolt.v1.transport.socket.client.SecureSocketConnection;
import org.neo4j.bolt.v1.transport.socket.client.SecureWebSocketConnection;
import org.neo4j.bolt.v1.transport.socket.client.SocketConnection;
import org.neo4j.bolt.v1.transport.socket.client.TransportConnection;
import org.neo4j.bolt.v1.transport.socket.client.WebSocketConnection;
import org.neo4j.function.Factory;
import org.neo4j.helpers.HostnamePort;
import org.neo4j.helpers.collection.MapUtil;
import org.neo4j.kernel.api.exceptions.Status;
import org.neo4j.kernel.internal.Version;
import org.neo4j.test.TestGraphDatabaseFactory;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/neo4j/bolt/v1/transport/integration/AuthenticationIT.class */
public class AuthenticationIT {

    @Parameterized.Parameter(0)
    public Factory<TransportConnection> cf;

    @Parameterized.Parameter(1)
    public HostnamePort address;
    protected TransportConnection client;

    @Rule
    public Neo4jWithSocket server = new Neo4jWithSocket(getClass(), getTestGraphDatabaseFactory(), getSettingsFunction());
    private final String version = "Neo4j/" + Version.getKernel().getReleaseVersion();

    protected TestGraphDatabaseFactory getTestGraphDatabaseFactory() {
        return new TestGraphDatabaseFactory();
    }

    protected Consumer<Map<String, String>> getSettingsFunction() {
        return map -> {
        };
    }

    @Parameterized.Parameters
    public static Collection<Object[]> transports() {
        return Arrays.asList(new Object[]{SocketConnection::new, new HostnamePort("localhost:7687")}, new Object[]{WebSocketConnection::new, new HostnamePort("localhost:7687")}, new Object[]{SecureSocketConnection::new, new HostnamePort("localhost:7687")}, new Object[]{SecureWebSocketConnection::new, new HostnamePort("localhost:7687")});
    }

    @Test
    public void shouldRespondWithCredentialsExpiredOnFirstUse() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess((Map<String, Object>) MapUtil.map(new Object[]{"credentials_expired", true, "server", this.version}))}));
    }

    @Test
    public void shouldFailIfWrongCredentials() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "wrong", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgFailure(Status.Security.Unauthorized, "The client is unauthorized due to authentication failure.")}));
    }

    @Test
    public void shouldFailIfWrongCredentialsFollowingSuccessfulLogin() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j", "new_credentials", "secret", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess()}));
        reconnect();
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "secret", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess()}));
        reconnect();
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "wrong", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgFailure(Status.Security.Unauthorized, "The client is unauthorized due to authentication failure.")}));
    }

    @Test
    public void shouldFailIfMalformedAuthTokenWrongType() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", Collections.singletonList("neo4j"), "credentials", "neo4j", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgFailure(Status.Security.Unauthorized, "The value associated with the key `principal` must be a String but was: ArrayList")}));
    }

    @Test
    public void shouldFailIfMalformedAuthTokenMissingKey() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "this-should-have-been-credentials", "neo4j", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgFailure(Status.Security.Unauthorized, "The value associated with the key `credentials` must be a String but was: null")}));
    }

    @Test
    public void shouldFailIfMalformedAuthTokenMissingScheme() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgFailure(Status.Security.Unauthorized, "The value associated with the key `scheme` must be a String but was: null")}));
    }

    @Test
    public void shouldFailIfMalformedAuthTokenUnknownScheme() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j", "scheme", "unknown"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgFailure(Status.Security.Unauthorized, "Unsupported authentication scheme 'unknown'.")}));
    }

    @Test
    public void shouldBeAbleToUpdateCredentials() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j", "new_credentials", "secret", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess()}));
        reconnect();
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgFailure(Status.Security.Unauthorized, "The client is unauthorized due to authentication failure.")}));
        reconnect();
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "secret", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess()}));
    }

    @Test
    public void shouldBeAuthenticatedAfterUpdatingCredentials() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j", "new_credentials", "secret", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess()}));
        this.client.send(TransportTestUtil.chunk(RunMessage.run("MATCH (n) RETURN n"), PullAllMessage.pullAll()));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgSuccess()}));
    }

    @Test
    public void shouldBeAbleToChangePasswordUsingBuiltInProcedure() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess((Map<String, Object>) MapUtil.map(new Object[]{"credentials_expired", true, "server", this.version}))}));
        this.client.send(TransportTestUtil.chunk(RunMessage.run("CALL dbms.security.changePassword", Collections.singletonMap("password", "secret")), PullAllMessage.pullAll()));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess()}));
        reconnect();
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgFailure(Status.Security.Unauthorized, "The client is unauthorized due to authentication failure.")}));
        reconnect();
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "secret", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess()}));
    }

    @Test
    public void shouldBeAuthenticatedAfterChangePasswordUsingBuiltInProcedure() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess((Map<String, Object>) MapUtil.map(new Object[]{"credentials_expired", true, "server", this.version}))}));
        this.client.send(TransportTestUtil.chunk(RunMessage.run("CALL dbms.security.changePassword", Collections.singletonMap("password", "secret")), PullAllMessage.pullAll()));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgSuccess()}));
        this.client.send(TransportTestUtil.chunk(RunMessage.run("MATCH (n) RETURN n"), PullAllMessage.pullAll()));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgSuccess()}));
    }

    @Test
    public void shouldFailWhenReusingTheSamePassword() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess((Map<String, Object>) MapUtil.map(new Object[]{"credentials_expired", true, "server", this.version}))}));
        this.client.send(TransportTestUtil.chunk(RunMessage.run("CALL dbms.security.changePassword", Collections.singletonMap("password", "neo4j")), PullAllMessage.pullAll()));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgFailure(Status.General.InvalidArguments, "Old password and new password cannot be the same.")}));
    }

    @Test
    public void shouldFailWhenSubmittingEmptyPassword() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess((Map<String, Object>) MapUtil.map(new Object[]{"credentials_expired", true, "server", this.version}))}));
        this.client.send(TransportTestUtil.chunk(RunMessage.run("CALL dbms.security.changePassword", Collections.singletonMap("password", "")), PullAllMessage.pullAll()));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgFailure(Status.General.InvalidArguments, "A password cannot be empty.")}));
    }

    @Test
    public void shouldNotBeAbleToReadWhenPasswordChangeRequired() throws Throwable {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", "neo4j", "credentials", "neo4j", "scheme", "basic"}))));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgSuccess((Map<String, Object>) MapUtil.map(new Object[]{"credentials_expired", true, "server", this.version}))}));
        this.client.send(TransportTestUtil.chunk(RunMessage.run("MATCH (n) RETURN n"), PullAllMessage.pullAll()));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives((Matcher<ResponseMessage>[]) new Matcher[]{MessageMatchers.msgFailure(Status.Security.CredentialsExpired, "The credentials you provided were valid, but must be changed before you can use this instance.")}));
    }

    @Before
    public void setup() throws IOException {
        this.client = (TransportConnection) this.cf.newInstance();
    }

    @After
    public void teardown() throws Exception {
        if (this.client != null) {
            this.client.disconnect();
        }
    }

    private void reconnect() throws Exception {
        if (this.client != null) {
            this.client.disconnect();
        }
        this.client = (TransportConnection) this.cf.newInstance();
    }
}
